Malware apps on Android? Do this to keep your phone safe

Malware is a technical term, which combines “malicious” and “software” into one nifty word. Essentially, it is a type of program, which is designed to exploit computer systems, networks or devices. And given that Android smartphones are pretty close to PCs nowadays, you can bet that there's malware designed for them too.

One of the most pedestrian ways to get your device infected with malware, ranging from trojans to spyware, is to:

• Open suspicious emails and their attachments
• Connect to unsafe public networks
• Browse shady websites online
• Mount a unknown USB device
• Download infected software

And that last one is where Google Play comes in. Precisely because the platform prides itself in its defense systems, it is easy to get your phone infected with malware directly from the Play Store. I mean, if it is on there, it has to be safe, right? Right?

Alas, once the malware has been installed on your phone or tablet, its only limitation becomes the imagination and proficiency of its developer. Some of the most dangerous examples are:

• Stealing personal data
• Corrupting files
• Locking your system and files behind a paywall
• Deleting everything on your phone
• Trick you into phishing scams
• Hijacking your phone to perform activities like:
  ○ Spying on you through the camera
  ○ Utilizing your resources to farm cryptocurrencies
  ○ Gather information on you as an individual

But how do those nasty apps get on Google Play in the first place? Well, aside from the occasional mishap of the bots and people that check them before listing them in the Store, social engineering plays a huge role here. It is the key ingredient that not only fools Google into thinking everything is legitimate, but also most of you into downloading the apps in the first place.

Basically, social engineering is the dark side of marketing. While many social engineers use their skills to inform the people and raise awareness, others don’t hesitate to utilize it with malicious intent in order to convince people that they need to do something.

As such, when talking about malicious apps on Google Play, social engineering most often plays a part in the app’s name, its screenshots and description. Here are some of the most notable red flags to look out for:

• The App’s name copies the name of a real, safe app, but with a twist
• A sensational tone
• Features and functions that are too good to be true
• Offering premium services at no cost
• Pushing to get the app fast as it has a limited-time offer
• Utilization of fear tactics in the description of the app
• Promising rewards such as premium features in exchange for access permissions
• Usage of bad language and poor grammar
• Contain “fake” reviews which push the app to a positive rating

On the visual side of things, the screenshots and icons of apps of this type most often have a very clickbaity feel to them. They utilize simple visual elements such as:

• Text that states “100% safe” or “satisfaction guaranteed”
• Fake “App of the year” or “Best of 2023” gold medal stickers
• Red banners with text such as “Premium” or “Winner”

Now, all that being said, legitimate developers also utilize elements like this. How do you tell them apart? Well, typically they don’t use free stock images found online or very bright, warm colors. You can’t always be certain, but your best bet is to double check if the app is from Microsoft or Micorosft.

Knowing how to recognize a malicious app before you download it is half the battle. The process requires you to take some time to examine everything you can see objectively in order to decide if it is safe to click that “Install” button.

In review, you should always check:

• Do the visual elements look original?
  ⇨ You can Google them through Lens and see if they are stolen
• Is the language of the description correct and neutral?
  ⇨ You can copy the description on a PC and check it with a grammar tool
• Does the developer have any other apps? What type are they?
  ⇨ Google their name and check to see if they have a portfolio or website
• Does the app have reviews? Are they well written?
  ⇨ Focus on negative reviews, using the Play Store’s filters
• Does the app have a negative reputation online?
  ⇨ You can always google “is *app’s name* safe to use”

But through the aforementioned means, some of these devs trick Google. And chances are that some of them may trick you too. So, you need to know how to check for that as well.

So, you’ve installed one of those “Free 4K Wallpapers” or “Android RAM Boost” apps. How can you tell if it is legitimate? Well, here are the most notable signs that you’ve probably got malware on your Android phone:

• Your device started to warm up randomly throughout the day, and sometimes it isn't even being used when that happens
• Your battery drain has gotten worse rather abruptly
• You begin seeing unfamiliar apps on your phone, that you can't recall installing
• Your phone is unusually sluggish when you use it
• Sometimes, ads start popping up on your phone’s menus
• You notice that your phone has used way more mobile or Wi-Fi data
• Your phone’s settings have changed and now your ringtone is defaulted
• Suddenly, your account name has changed to something in punjabi

Now, that last one is a dead giveaway, but it is something that I’ve personally seen with my own eyes. An hour later, the hacker had hijacked my friend’s Facebook and Instagram accounts. The only thing that saved his Google account was my immediate recommendation to set up 2FA while the insanity was still going on.

All of that happened because he had installed a 3D Wallpapers app from Google Play.

Now, a very important note here is that you don’t need all of these signs to begin showing up in order to suspect that something weird is going on. In fact, if you notice just one of the items on the list, you should act immediately. So here is what you should do:

1. Uninstall any new apps you’ve downloaded in the last week or so
   ○ Except if they are by very reputable developers like Microsoft, Google, Samsung, etc
2. Restart your phone. This will disrupt any ongoing connecting to the hacker
3. Connect to a safe network
4. Download a trusted anti-malware app such Malwarebytes’ app and run it
   ○ Some phones come with their own pre-installed apps, such as those found on Galaxy devices, so you can run those just in case as well
5. Check all of the accounts you have on your phone, which have any sort of sensitive info such as payment methods or IDs, and make sure that there have not been any unwanted changes
6. Change the passwords of any of them that you suspect may have been tampered with
   ○ This is your usual reminder to set up 2FA everywhere

Now that you are safe, it is pretty important that you go back and make sure that the app can’t harm anyone else, especially after you’ve seen first hand how bothersome it can be. So here’s what you can do:

1. Go on Google Play and find the suspicious app
2. Leave a negative review
3. From the app listing, select the kebab menu on the upper right
4. Select “Flag as inappropriate” and submit your application

And that is about it! You are now prepared to:

• Detect malicious apps when you see them
• Note if they’ve been installed on your phone
• Combat them if need be
• Make sure that others don’t suffer the same consequences

That being said, you must stay vigilant. Technology is rapidly and constantly evolving and hackers are catching up quickly. Social engineers are getting better day by day too. So at the end of the day, the only thing that can truly keep you safe is your common sense.

Trust your gut, double check everything and you and your daily driver should be good to go!